From 26477cf9e76c636bad2a3fc46cd2deaf203d6f1c Mon Sep 17 00:00:00 2001 From: Lorenzo Leonardini Date: Tue, 9 Jan 2024 21:06:00 +0100 Subject: [PATCH 01/33] fix: solve issues with basic auth username:password in URLs (#11179) * fix: `history.replaceState` with absolute path instead of href (sveltejs/kit#10522) * fix: detect basic auth credentials in URL and remove them * fix: detect basic auth credentials with `document.URL` * fix: remove location.href from replaceState Workaround for chromium bug sveltejs/kit#10522 * fix: change basic auth url credentials detection * Update packages/kit/src/runtime/client/client.js * Update .changeset/long-adults-arrive.md --------- Co-authored-by: Rich Harris --- .changeset/long-adults-arrive.md | 5 +++++ packages/kit/src/runtime/client/client.js | 11 +++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 .changeset/long-adults-arrive.md diff --git a/.changeset/long-adults-arrive.md b/.changeset/long-adults-arrive.md new file mode 100644 index 000000000000..1e8da8e73e3b --- /dev/null +++ b/.changeset/long-adults-arrive.md @@ -0,0 +1,5 @@ +--- +'@sveltejs/kit': patch +--- + +fix: reload page on startup if `document.URL` contains credentials diff --git a/packages/kit/src/runtime/client/client.js b/packages/kit/src/runtime/client/client.js index 5bd4bd7bbc89..0cfeb5391b29 100644 --- a/packages/kit/src/runtime/client/client.js +++ b/packages/kit/src/runtime/client/client.js @@ -223,6 +223,14 @@ export async function start(_app, _target, hydrate) { ); } + // detect basic auth credentials in the current URL + // https://github.com/sveltejs/kit/pull/11179 + // if so, refresh the page without credentials + if (document.URL !== location.href) { + // eslint-disable-next-line no-self-assign + location.href = location.href; + } + app = _app; routes = parse(_app); container = __SVELTEKIT_EMBEDDED__ ? _target : document.documentElement; @@ -251,8 +259,7 @@ export async function start(_app, _target, hydrate) { [HISTORY_INDEX]: current_history_index, [NAVIGATION_INDEX]: current_navigation_index }, - '', - location.href + '' ); } From 315a03f9ef3778097fff25a5ec878ea7694cfc46 Mon Sep 17 00:00:00 2001 From: Loris Sigrist <43482866+LorisSigrist@users.noreply.github.com> Date: Tue, 9 Jan 2024 21:13:07 +0100 Subject: [PATCH 02/33] feat: Expose `$env/static/public` in Service Workers (#10994) * Allow importing $env/static/public in service worker * Add Tests * Use env variable in service worker test * fmt * Fix type warnings * Add changeset * Fix lockfile * fix typo * Update changeset Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * Fix lockfile * fmt * Update packages/kit/src/exports/vite/index.js Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * fix merge * snake_case etc * snake_case * lockfile * fix * gah --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Rich Harris --- .changeset/proud-pandas-fold.md | 5 ++ packages/kit/src/core/sync/write_tsconfig.js | 7 -- .../vite/build/build_service_worker.js | 79 ++++++++++++------ packages/kit/src/exports/vite/index.js | 20 ++++- .../test/apps/basics/src/service-worker.js | 3 +- .../test/apps/options-2/src/service-worker.js | 3 + .../service-worker-dynamic-public-env/.env | 1 + .../.gitignore | 8 ++ .../service-worker-dynamic-public-env/.npmrc | 1 + .../package.json | 21 +++++ .../src/app.html | 12 +++ .../src/routes/+page.svelte | 1 + .../src/service-worker.js | 3 + .../static/favicon.png | Bin 0 -> 1571 bytes .../svelte.config.js | 4 + .../tsconfig.json | 16 ++++ .../vite.config.js | 14 ++++ .../apps/service-worker-private-env/.env | 1 + .../service-worker-private-env/.gitignore | 8 ++ .../apps/service-worker-private-env/.npmrc | 1 + .../service-worker-private-env/package.json | 21 +++++ .../service-worker-private-env/src/app.html | 12 +++ .../src/routes/+page.svelte | 1 + .../src/service-worker.js | 3 + .../static/favicon.png | Bin 0 -> 1571 bytes .../svelte.config.js | 4 + .../service-worker-private-env/tsconfig.json | 16 ++++ .../service-worker-private-env/vite.config.js | 14 ++++ packages/kit/test/build-errors/env.spec.js | 24 ++++++ pnpm-lock.yaml | 42 ++++++++++ 30 files changed, 311 insertions(+), 34 deletions(-) create mode 100644 .changeset/proud-pandas-fold.md create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.env create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.gitignore create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.npmrc create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/package.json create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/app.html create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/routes/+page.svelte create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/service-worker.js create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/static/favicon.png create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/svelte.config.js create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/tsconfig.json create mode 100644 packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/vite.config.js create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/.env create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/.gitignore create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/.npmrc create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/package.json create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/src/app.html create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/src/routes/+page.svelte create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/src/service-worker.js create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/static/favicon.png create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/svelte.config.js create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/tsconfig.json create mode 100644 packages/kit/test/build-errors/apps/service-worker-private-env/vite.config.js diff --git a/.changeset/proud-pandas-fold.md b/.changeset/proud-pandas-fold.md new file mode 100644 index 000000000000..e8116498670e --- /dev/null +++ b/.changeset/proud-pandas-fold.md @@ -0,0 +1,5 @@ +--- +'@sveltejs/kit': minor +--- + +feat: expose `$env/static/public` in service workers diff --git a/packages/kit/src/core/sync/write_tsconfig.js b/packages/kit/src/core/sync/write_tsconfig.js index 8e2747436f42..73bd239159c9 100644 --- a/packages/kit/src/core/sync/write_tsconfig.js +++ b/packages/kit/src/core/sync/write_tsconfig.js @@ -81,13 +81,6 @@ export function get_tsconfig(kit) { include.add(config_relative(`${test_folder}/**/*.svelte`)); const exclude = [config_relative('node_modules/**')]; - if (path.extname(kit.files.serviceWorker)) { - exclude.push(config_relative(kit.files.serviceWorker)); - } else { - exclude.push(config_relative(`${kit.files.serviceWorker}.js`)); - exclude.push(config_relative(`${kit.files.serviceWorker}.ts`)); - exclude.push(config_relative(`${kit.files.serviceWorker}.d.ts`)); - } const config = { compilerOptions: { diff --git a/packages/kit/src/exports/vite/build/build_service_worker.js b/packages/kit/src/exports/vite/build/build_service_worker.js index 3d3849c6d727..cd594cdad096 100644 --- a/packages/kit/src/exports/vite/build/build_service_worker.js +++ b/packages/kit/src/exports/vite/build/build_service_worker.js @@ -2,7 +2,9 @@ import fs from 'node:fs'; import * as vite from 'vite'; import { dedent } from '../../../core/sync/utils.js'; import { s } from '../../../utils/misc.js'; -import { get_config_aliases } from '../utils.js'; +import { get_config_aliases, strip_virtual_prefix, get_env } from '../utils.js'; +import { create_static_module } from '../../../core/env.js'; +import { env_static_public, service_worker } from '../module_ids.js'; /** * @param {string} out @@ -30,37 +32,63 @@ export async function build_service_worker( assets.forEach((file) => build.add(file)); } - const service_worker = `${kit.outDir}/generated/service-worker.js`; - // in a service worker, `location` is the location of the service worker itself, // which is guaranteed to be `/service-worker.js` const base = "location.pathname.split('/').slice(0, -1).join('/')"; - fs.writeFileSync( - service_worker, - dedent` - export const base = /*@__PURE__*/ ${base}; + const service_worker_code = dedent` + export const base = /*@__PURE__*/ ${base}; + + export const build = [ + ${Array.from(build) + .map((file) => `base + ${s(`/${file}`)}`) + .join(',\n')} + ]; + + export const files = [ + ${manifest_data.assets + .filter((asset) => kit.serviceWorker.files(asset.file)) + .map((asset) => `base + ${s(`/${asset.file}`)}`) + .join(',\n')} + ]; + + export const prerendered = [ + ${prerendered.paths.map((path) => `base + ${s(path.replace(kit.paths.base, ''))}`).join(',\n')} + ]; + + export const version = ${s(kit.version.name)}; + `; + + const env = get_env(kit.env, vite_config.mode); - export const build = [ - ${Array.from(build) - .map((file) => `base + ${s(`/${file}`)}`) - .join(',\n')} - ]; + /** + * @type {import('vite').Plugin} + */ + const sw_virtual_modules = { + name: 'service-worker-build-virtual-modules', + async resolveId(id) { + if (id.startsWith('$env/') || id.startsWith('$app/') || id === '$service-worker') { + return `\0virtual:${id}`; + } + }, + + async load(id) { + if (!id.startsWith('\0virtual:')) return; - export const files = [ - ${manifest_data.assets - .filter((asset) => kit.serviceWorker.files(asset.file)) - .map((asset) => `base + ${s(`/${asset.file}`)}`) - .join(',\n')} - ]; + if (id === service_worker) { + return service_worker_code; + } - export const prerendered = [ - ${prerendered.paths.map((path) => `base + ${s(path.replace(kit.paths.base, ''))}`).join(',\n')} - ]; + if (id === env_static_public) { + return create_static_module('$env/static/public', env.public); + } - export const version = ${s(kit.version.name)}; - ` - ); + const stripped = strip_virtual_prefix(id); + throw new Error( + `Cannot import ${stripped} into service-worker code. Only the modules $service-worker and $env/static/public are available in service workers.` + ); + } + }; await vite.build({ build: { @@ -82,8 +110,9 @@ export async function build_service_worker( configFile: false, define: vite_config.define, publicDir: false, + plugins: [sw_virtual_modules], resolve: { - alias: [...get_config_aliases(kit), { find: '$service-worker', replacement: service_worker }] + alias: [...get_config_aliases(kit)] }, experimental: { renderBuiltUrl(filename) { diff --git a/packages/kit/src/exports/vite/index.js b/packages/kit/src/exports/vite/index.js index 1c121d322292..60375a2a3f84 100644 --- a/packages/kit/src/exports/vite/index.js +++ b/packages/kit/src/exports/vite/index.js @@ -216,6 +216,7 @@ async function kit({ svelte_config }) { let initial_config; const service_worker_entry_file = resolve_entry(kit.files.serviceWorker); + const parsed_service_worker = path.parse(kit.files.serviceWorker); const sourcemapIgnoreList = /** @param {string} relative_path */ (relative_path) => relative_path.includes('node_modules') || relative_path.includes(kit.outDir); @@ -355,7 +356,24 @@ async function kit({ svelte_config }) { const plugin_virtual_modules = { name: 'vite-plugin-sveltekit-virtual-modules', - async resolveId(id) { + async resolveId(id, importer) { + // If importing from a service-worker, only allow $service-worker & $env/static/public, but none of the other virtual modules. + // This check won't catch transitive imports, but it will warn when the import comes from a service-worker directly. + // Transitive imports will be caught during the build. + if (importer) { + const parsed_importer = path.parse(importer); + + const importer_is_service_worker = + parsed_importer.dir === parsed_service_worker.dir && + parsed_importer.name === parsed_service_worker.name; + + if (importer_is_service_worker && id !== '$service-worker' && id !== '$env/static/public') { + throw new Error( + `Cannot import ${id} into service-worker code. Only the modules $service-worker and $env/static/public are available in service workers.` + ); + } + } + // treat $env/static/[public|private] as virtual if (id.startsWith('$env/') || id.startsWith('__sveltekit/') || id === '$service-worker') { return `\0virtual:${id}`; diff --git a/packages/kit/test/apps/basics/src/service-worker.js b/packages/kit/test/apps/basics/src/service-worker.js index 9b804c43b3fc..fc3dbc27600f 100644 --- a/packages/kit/test/apps/basics/src/service-worker.js +++ b/packages/kit/test/apps/basics/src/service-worker.js @@ -1,6 +1,7 @@ import { build, version } from '$service-worker'; +import { PUBLIC_STATIC } from '$env/static/public'; -const name = `cache-${version}`; +const name = `cache-${version}-${PUBLIC_STATIC}`; self.addEventListener('install', (event) => { // @ts-expect-error diff --git a/packages/kit/test/apps/options-2/src/service-worker.js b/packages/kit/test/apps/options-2/src/service-worker.js index 7c332abaa6da..5d2346ffc333 100644 --- a/packages/kit/test/apps/options-2/src/service-worker.js +++ b/packages/kit/test/apps/options-2/src/service-worker.js @@ -1,8 +1,11 @@ import { base, build, version } from '$service-worker'; import src from './image.jpg?url'; +//@ts-ignore self.base = base; +//@ts-ignore self.build = build; +//@ts-ignore self.image_src = src; const name = `cache-${version}`; diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.env b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.env new file mode 100644 index 000000000000..dbbba5a4b5c8 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.env @@ -0,0 +1 @@ +PUBLIC_SHOULD_EXPLODE=boom \ No newline at end of file diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.gitignore b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.gitignore new file mode 100644 index 000000000000..f7382cf7da25 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.gitignore @@ -0,0 +1,8 @@ +.DS_Store +node_modules +/build +/.svelte-kit +/package +!.env +.env.* +!.env.example diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.npmrc b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.npmrc new file mode 100644 index 000000000000..b6f27f135954 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/.npmrc @@ -0,0 +1 @@ +engine-strict=true diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/package.json b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/package.json new file mode 100644 index 000000000000..05c500df8808 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/package.json @@ -0,0 +1,21 @@ +{ + "name": "service-worker-dynamic-public-env", + "version": "0.0.1", + "private": true, + "scripts": { + "dev": "vite dev", + "build": "vite build", + "preview": "vite preview", + "check": "svelte-kit sync && tsc && svelte-check", + "check:watch": "svelte-check --watch" + }, + "devDependencies": { + "@sveltejs/kit": "workspace:^", + "@sveltejs/vite-plugin-svelte": "^3.0.1", + "svelte": "^4.2.8", + "svelte-check": "^3.6.2", + "typescript": "^5.3.3", + "vite": "^5.0.8" + }, + "type": "module" +} diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/app.html b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/app.html new file mode 100644 index 000000000000..866ddd01e176 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/app.html @@ -0,0 +1,12 @@ + + + + + + + %sveltekit.head% + + +
%sveltekit.body%
+ + diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/routes/+page.svelte b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/routes/+page.svelte new file mode 100644 index 000000000000..cae41f739e76 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/routes/+page.svelte @@ -0,0 +1 @@ +

Bonjour

diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/service-worker.js b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/service-worker.js new file mode 100644 index 000000000000..ac71ffc2a4b8 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/src/service-worker.js @@ -0,0 +1,3 @@ +import { env } from '$env/dynamic/public'; + +console.log('Logging dynamic public env', env.PUBLIC_SHOULD_EXPLODE); diff --git a/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/static/favicon.png b/packages/kit/test/build-errors/apps/service-worker-dynamic-public-env/static/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..825b9e65af7c104cfb07089bb28659393b4f2097 GIT binary patch literal 1571 zcmV+;2Hg3HP)Px)-AP12RCwC$UE6KzI1p6{F2N z1VK2vi|pOpn{~#djwYcWXTI_im_u^TJgMZ4JMOsSj!0ma>B?-(Hr@X&W@|R-$}W@Z zgj#$x=!~7LGqHW?IO8+*oE1MyDp!G=L0#^lUx?;!fXv@l^6SvTnf^ac{5OurzC#ZMYc20lI%HhX816AYVs1T3heS1*WaWH z%;x>)-J}YB5#CLzU@GBR6sXYrD>Vw(Fmt#|JP;+}<#6b63Ike{Fuo!?M{yEffez;| zp!PfsuaC)>h>-AdbnwN13g*1LowNjT5?+lFVd#9$!8Z9HA|$*6dQ8EHLu}U|obW6f z2%uGv?vr=KNq7YYa2Roj;|zooo<)lf=&2yxM@e`kM$CmCR#x>gI>I|*Ubr({5Y^rb zghxQU22N}F51}^yfDSt786oMTc!W&V;d?76)9KXX1 z+6Okem(d}YXmmOiZq$!IPk5t8nnS{%?+vDFz3BevmFNgpIod~R{>@#@5x9zJKEHLHv!gHeK~n)Ld!M8DB|Kfe%~123&Hz1Z(86nU7*G5chmyDe ziV7$pB7pJ=96hpxHv9rCR29%bLOXlKU<_13_M8x)6;P8E1Kz6G<&P?$P^%c!M5`2` zfY2zg;VK5~^>TJGQzc+33-n~gKt{{of8GzUkWmU110IgI0DLxRIM>0US|TsM=L|@F z0Bun8U!cRB7-2apz=y-7*UxOxz@Z0)@QM)9wSGki1AZ38ceG7Q72z5`i;i=J`ILzL z@iUO?SBBG-0cQuo+an4TsLy-g-x;8P4UVwk|D8{W@U1Zi z!M)+jqy@nQ$p?5tsHp-6J304Q={v-B>66$P0IDx&YT(`IcZ~bZfmn11#rXd7<5s}y zBi9eim&zQc0Dk|2>$bs0PnLmDfMP5lcXRY&cvJ=zKxI^f0%-d$tD!`LBf9^jMSYUA zI8U?CWdY@}cRq6{5~y+)#h1!*-HcGW@+gZ4B};0OnC~`xQOyH19z*TA!!BJ%9s0V3F?CAJ{hTd#*tf+ur-W9MOURF-@B77_-OshsY}6 zOXRY=5%C^*26z?l)1=$bz30!so5tfABdSYzO+H=CpV~aaUefmjvfZ3Ttu9W&W3Iu6 zROlh0MFA5h;my}8lB0tAV-Rvc2Zs_CCSJnx@d`**$idgy-iMob4dJWWw|21b4NB=LfsYp0Aeh{Ov)yztQi;eL4y5 zMi>8^SzKqk8~k?UiQK^^-5d8c%bV?$F8%X~czyiaKCI2=UH + + + + + + %sveltekit.head% + + +
%sveltekit.body%
+ + diff --git a/packages/kit/test/build-errors/apps/service-worker-private-env/src/routes/+page.svelte b/packages/kit/test/build-errors/apps/service-worker-private-env/src/routes/+page.svelte new file mode 100644 index 000000000000..cae41f739e76 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-private-env/src/routes/+page.svelte @@ -0,0 +1 @@ +

Bonjour

diff --git a/packages/kit/test/build-errors/apps/service-worker-private-env/src/service-worker.js b/packages/kit/test/build-errors/apps/service-worker-private-env/src/service-worker.js new file mode 100644 index 000000000000..39570b27e4b6 --- /dev/null +++ b/packages/kit/test/build-errors/apps/service-worker-private-env/src/service-worker.js @@ -0,0 +1,3 @@ +import { env } from '$env/dynamic/private'; + +console.log('Logging private env', env); diff --git a/packages/kit/test/build-errors/apps/service-worker-private-env/static/favicon.png b/packages/kit/test/build-errors/apps/service-worker-private-env/static/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..825b9e65af7c104cfb07089bb28659393b4f2097 GIT binary patch literal 1571 zcmV+;2Hg3HP)Px)-AP12RCwC$UE6KzI1p6{F2N z1VK2vi|pOpn{~#djwYcWXTI_im_u^TJgMZ4JMOsSj!0ma>B?-(Hr@X&W@|R-$}W@Z zgj#$x=!~7LGqHW?IO8+*oE1MyDp!G=L0#^lUx?;!fXv@l^6SvTnf^ac{5OurzC#ZMYc20lI%HhX816AYVs1T3heS1*WaWH z%;x>)-J}YB5#CLzU@GBR6sXYrD>Vw(Fmt#|JP;+}<#6b63Ike{Fuo!?M{yEffez;| zp!PfsuaC)>h>-AdbnwN13g*1LowNjT5?+lFVd#9$!8Z9HA|$*6dQ8EHLu}U|obW6f z2%uGv?vr=KNq7YYa2Roj;|zooo<)lf=&2yxM@e`kM$CmCR#x>gI>I|*Ubr({5Y^rb zghxQU22N}F51}^yfDSt786oMTc!W&V;d?76)9KXX1 z+6Okem(d}YXmmOiZq$!IPk5t8nnS{%?+vDFz3BevmFNgpIod~R{>@#@5x9zJKEHLHv!gHeK~n)Ld!M8DB|Kfe%~123&Hz1Z(86nU7*G5chmyDe ziV7$pB7pJ=96hpxHv9rCR29%bLOXlKU<_13_M8x)6;P8E1Kz6G<&P?$P^%c!M5`2` zfY2zg;VK5~^>TJGQzc+33-n~gKt{{of8GzUkWmU110IgI0DLxRIM>0US|TsM=L|@F z0Bun8U!cRB7-2apz=y-7*UxOxz@Z0)@QM)9wSGki1AZ38ceG7Q72z5`i;i=J`ILzL z@iUO?SBBG-0cQuo+an4TsLy-g-x;8P4UVwk|D8{W@U1Zi z!M)+jqy@nQ$p?5tsHp-6J304Q={v-B>66$P0IDx&YT(`IcZ~bZfmn11#rXd7<5s}y zBi9eim&zQc0Dk|2>$bs0PnLmDfMP5lcXRY&cvJ=zKxI^f0%-d$tD!`LBf9^jMSYUA zI8U?CWdY@}cRq6{5~y+)#h1!*-HcGW@+gZ4B};0OnC~`xQOyH19z*TA!!BJ%9s0V3F?CAJ{hTd#*tf+ur-W9MOURF-@B77_-OshsY}6 zOXRY=5%C^*26z?l)1=$bz30!so5tfABdSYzO+H=CpV~aaUefmjvfZ3Ttu9W&W3Iu6 zROlh0MFA5h;my}8lB0tAV-Rvc2Zs_CCSJnx@d`**$idgy-iMob4dJWWw|21b4NB=LfsYp0Aeh{Ov)yztQi;eL4y5 zMi>8^SzKqk8~k?UiQK^^-5d8c%bV?$F8%X~czyiaKCI2=UH /.*Cannot import \$env\/static\/private into client-side code:.*/gs ); }); + +test('$env/dynamic/private is not importable from the service worker', () => { + assert.throws( + () => + execSync('pnpm build', { + cwd: path.join(process.cwd(), 'apps/service-worker-private-env'), + stdio: 'pipe', + timeout: 60000 + }), + /.*Cannot import \$env\/dynamic\/private into service-worker code.*/gs + ); +}); + +test('$env/dynamic/public is not importable from the service worker', () => { + assert.throws( + () => + execSync('pnpm build', { + cwd: path.join(process.cwd(), 'apps/service-worker-dynamic-public-env'), + stdio: 'pipe', + timeout: 60000 + }), + /.*Cannot import \$env\/dynamic\/public into service-worker code.*/gs + ); +}); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0414163a8a27..f0102dfdb2b7 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -943,6 +943,48 @@ importers: specifier: ^5.0.8 version: 5.0.8(@types/node@18.19.3)(lightningcss@1.22.1) + packages/kit/test/build-errors/apps/service-worker-dynamic-public-env: + devDependencies: + '@sveltejs/kit': + specifier: workspace:^ + version: link:../../../.. + '@sveltejs/vite-plugin-svelte': + specifier: ^3.0.1 + version: 3.0.1(svelte@4.2.8)(vite@5.0.8) + svelte: + specifier: ^4.2.8 + version: 4.2.8 + svelte-check: + specifier: ^3.6.2 + version: 3.6.2(postcss@8.4.32)(svelte@4.2.8) + typescript: + specifier: ^5.3.3 + version: 5.3.3 + vite: + specifier: ^5.0.8 + version: 5.0.8(@types/node@18.19.3)(lightningcss@1.22.1) + + packages/kit/test/build-errors/apps/service-worker-private-env: + devDependencies: + '@sveltejs/kit': + specifier: workspace:^ + version: link:../../../.. + '@sveltejs/vite-plugin-svelte': + specifier: ^3.0.1 + version: 3.0.1(svelte@4.2.8)(vite@5.0.8) + svelte: + specifier: ^4.2.8 + version: 4.2.8 + svelte-check: + specifier: ^3.6.2 + version: 3.6.2(postcss@8.4.32)(svelte@4.2.8) + typescript: + specifier: ^5.3.3 + version: 5.3.3 + vite: + specifier: ^5.0.8 + version: 5.0.8(@types/node@18.19.3)(lightningcss@1.22.1) + packages/kit/test/build-errors/apps/syntax-error: devDependencies: '@sveltejs/kit': From df193b7b9bee62b78aa75388b8bb1110d89bf476 Mon Sep 17 00:00:00 2001 From: "Willow (GHOST)" Date: Tue, 9 Jan 2024 20:49:23 +0000 Subject: [PATCH 03/33] chore: playground followup (#10629) * fix: name * add all deps * update scripts * change how ignoring works * change back to other method * add package playground * fix: remove dep * chore: merge playgrounds --------- Co-authored-by: Rich Harris --- package.json | 4 +- playgrounds/{basic => }/README.md | 4 +- playgrounds/basic/package.json | 38 +++++++++++++++-- pnpm-lock.yaml | 70 +++++++++++++++++++++++++++++++ 4 files changed, 109 insertions(+), 7 deletions(-) rename playgrounds/{basic => }/README.md (73%) diff --git a/package.json b/package.json index 876a8197f505..ff148bffef75 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,9 @@ "precommit": "pnpm format && pnpm lint", "changeset:version": "changeset version && pnpm -r generate:version && git add --all", "changeset:release": "changeset publish", - "start": "cd sites/kit.svelte.dev && npm run dev" + "start": "cd sites/kit.svelte.dev && npm run dev", + "build": "pnpm --filter @sveltejs/* -r build", + "postinstall": "pnpm -r generate:types && pnpm build" }, "devDependencies": { "@changesets/cli": "^2.27.1", diff --git a/playgrounds/basic/README.md b/playgrounds/README.md similarity index 73% rename from playgrounds/basic/README.md rename to playgrounds/README.md index adb570111453..fd5bb23e164f 100644 --- a/playgrounds/basic/README.md +++ b/playgrounds/README.md @@ -1,5 +1,5 @@ -You may use this package to experiment with your changes to SvelteKit. +You may use these playgrounds to experiment with your changes to SvelteKit. To prevent any changes you make in this directory from being accidentally committed, run `git update-index --skip-worktree ./**/*.*` in this directory. -If you would actually like to make some changes to the files here for everyone then run `git update-index --no-skip-worktree ./**/*.*` before committing. +If you would actually like to make some changes to the files here for everyone then run `git update-index --no-skip-worktree ./**/*.*` before committing. \ No newline at end of file diff --git a/playgrounds/basic/package.json b/playgrounds/basic/package.json index 72babc8b7f31..a30cc73f60c9 100644 --- a/playgrounds/basic/package.json +++ b/playgrounds/basic/package.json @@ -1,19 +1,49 @@ { - "name": "playground", + "name": "playground-basic", "version": "0.0.0", "private": true, "scripts": { "dev": "vite dev", - "build": "vite build", - "preview": "vite preview" + "build": "vite build && npm run package", + "preview": "vite preview", + "package": "svelte-kit sync && svelte-package && publint", + "prepublishOnly": "npm run package", + "check": "svelte-kit sync && svelte-check --tsconfig ./jsconfig.json", + "check:watch": "svelte-kit sync && svelte-check --tsconfig ./jsconfig.json --watch" }, "devDependencies": { "@sveltejs/adapter-auto": "workspace:*", + "@sveltejs/adapter-cloudflare": "workspace:*", + "@sveltejs/adapter-cloudflare-workers": "workspace:*", + "@sveltejs/adapter-netlify": "workspace:*", + "@sveltejs/adapter-node": "workspace:*", + "@sveltejs/adapter-static": "workspace:*", + "@sveltejs/adapter-vercel": "workspace:*", + "@sveltejs/amp": "workspace:*", "@sveltejs/kit": "workspace:*", + "@sveltejs/package": "workspace:*", "@sveltejs/vite-plugin-svelte": "^3.0.1", + "publint": "^0.1.9", "svelte": "^4.2.8", + "svelte-check": "^3.6.0", "typescript": "^5.3.3", "vite": "^5.0.8" }, - "type": "module" + "type": "module", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "svelte": "./dist/index.js" + } + }, + "files": [ + "dist", + "!dist/**/*.test.*", + "!dist/**/*.spec.*" + ], + "peerDependencies": { + "svelte": "^4.0.0" + }, + "svelte": "./dist/index.js", + "types": "./dist/index.d.ts" } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f0102dfdb2b7..3930ef2b3ecf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1163,15 +1163,45 @@ importers: '@sveltejs/adapter-auto': specifier: workspace:* version: link:../../packages/adapter-auto + '@sveltejs/adapter-cloudflare': + specifier: workspace:* + version: link:../../packages/adapter-cloudflare + '@sveltejs/adapter-cloudflare-workers': + specifier: workspace:* + version: link:../../packages/adapter-cloudflare-workers + '@sveltejs/adapter-netlify': + specifier: workspace:* + version: link:../../packages/adapter-netlify + '@sveltejs/adapter-node': + specifier: workspace:* + version: link:../../packages/adapter-node + '@sveltejs/adapter-static': + specifier: workspace:* + version: link:../../packages/adapter-static + '@sveltejs/adapter-vercel': + specifier: workspace:* + version: link:../../packages/adapter-vercel + '@sveltejs/amp': + specifier: workspace:* + version: link:../../packages/amp '@sveltejs/kit': specifier: workspace:* version: link:../../packages/kit + '@sveltejs/package': + specifier: workspace:* + version: link:../../packages/package '@sveltejs/vite-plugin-svelte': specifier: ^3.0.1 version: 3.0.1(svelte@4.2.8)(vite@5.0.8) + publint: + specifier: ^0.1.9 + version: 0.1.16 svelte: specifier: ^4.2.8 version: 4.2.8 + svelte-check: + specifier: ^3.6.0 + version: 3.6.2(postcss@8.4.32)(svelte@4.2.8) typescript: specifier: ^5.3.3 version: 5.3.3 @@ -4118,6 +4148,13 @@ packages: safer-buffer: 2.1.2 dev: true + /ignore-walk@5.0.1: + resolution: {integrity: sha512-yemi4pMf51WKT7khInJqAvsIGzoqYXblnsz0ql8tM+yi1EKYTY1evX4NAbJrLL/Aanr2HyZeluqU+Oi7MGHokw==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + dependencies: + minimatch: 5.1.6 + dev: true + /ignore@5.3.0: resolution: {integrity: sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==} engines: {node: '>= 4'} @@ -4906,6 +4943,29 @@ packages: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} + /npm-bundled@2.0.1: + resolution: {integrity: sha512-gZLxXdjEzE/+mOstGDqR6b0EkhJ+kM6fxM6vUuckuctuVPh80Q6pw/rSZj9s4Gex9GxWtIicO1pc8DB9KZWudw==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + dependencies: + npm-normalize-package-bin: 2.0.0 + dev: true + + /npm-normalize-package-bin@2.0.0: + resolution: {integrity: sha512-awzfKUO7v0FscrSpRoogyNm0sajikhBWpU0QMrW09AMi9n1PoKU6WaIqUzuJSQnpciZZmJ/jMZ2Egfmb/9LiWQ==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + dev: true + + /npm-packlist@5.1.3: + resolution: {integrity: sha512-263/0NGrn32YFYi4J533qzrQ/krmmrWwhKkzwTuM4f/07ug51odoaNjUexxO4vxlzURHcmYMH1QjvHjsNDKLVg==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + hasBin: true + dependencies: + glob: 8.1.0 + ignore-walk: 5.0.1 + npm-bundled: 2.0.1 + npm-normalize-package-bin: 2.0.0 + dev: true + /npm-run-path@5.1.0: resolution: {integrity: sha512-sJOdmRGrY2sjNTRMbSvluQqg+8X7ZK61yvzBEIDhz4f8z1TZFYABsqjjCBd/0PUNE9M6QDgHJXQkGUEm7Q+l9Q==} engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} @@ -5279,6 +5339,16 @@ packages: resolution: {integrity: sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==} dev: true + /publint@0.1.16: + resolution: {integrity: sha512-wJgk7HnXDT5Ap0DjFYbGz78kPkN44iQvDiaq8P63IEEyNU9mYXvaMd2cAyIM6OgqXM/IA3CK6XWIsRq+wjNpgw==} + engines: {node: '>=16'} + hasBin: true + dependencies: + npm-packlist: 5.1.3 + picocolors: 1.0.0 + sade: 1.8.1 + dev: true + /punycode@2.3.1: resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==} engines: {node: '>=6'} From d16b32b3179be4b72bd2b9ba1fe6c325aada3331 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 16:01:31 -0500 Subject: [PATCH 04/33] chore(deps): update dependency publint to ^0.2.0 (#11567) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- playgrounds/basic/package.json | 2 +- pnpm-lock.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/playgrounds/basic/package.json b/playgrounds/basic/package.json index a30cc73f60c9..9080a2c01c0f 100644 --- a/playgrounds/basic/package.json +++ b/playgrounds/basic/package.json @@ -23,7 +23,7 @@ "@sveltejs/kit": "workspace:*", "@sveltejs/package": "workspace:*", "@sveltejs/vite-plugin-svelte": "^3.0.1", - "publint": "^0.1.9", + "publint": "^0.2.0", "svelte": "^4.2.8", "svelte-check": "^3.6.0", "typescript": "^5.3.3", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 3930ef2b3ecf..01ce55b2995d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1194,8 +1194,8 @@ importers: specifier: ^3.0.1 version: 3.0.1(svelte@4.2.8)(vite@5.0.8) publint: - specifier: ^0.1.9 - version: 0.1.16 + specifier: ^0.2.0 + version: 0.2.7 svelte: specifier: ^4.2.8 version: 4.2.8 @@ -5339,8 +5339,8 @@ packages: resolution: {integrity: sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==} dev: true - /publint@0.1.16: - resolution: {integrity: sha512-wJgk7HnXDT5Ap0DjFYbGz78kPkN44iQvDiaq8P63IEEyNU9mYXvaMd2cAyIM6OgqXM/IA3CK6XWIsRq+wjNpgw==} + /publint@0.2.7: + resolution: {integrity: sha512-tLU4ee3110BxWfAmCZggJmCUnYWgPTr0QLnx08sqpLYa8JHRiOudd+CgzdpfU5x5eOaW2WMkpmOrFshRFYK7Mw==} engines: {node: '>=16'} hasBin: true dependencies: From 320611c9bc476acb4e6f0736242fa2c264b91cf2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 16:01:53 -0500 Subject: [PATCH 05/33] Version Packages (#11565) Co-authored-by: github-actions[bot] --- .changeset/long-adults-arrive.md | 5 ----- .changeset/proud-pandas-fold.md | 5 ----- packages/kit/CHANGELOG.md | 10 ++++++++++ packages/kit/package.json | 2 +- packages/kit/src/version.js | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) delete mode 100644 .changeset/long-adults-arrive.md delete mode 100644 .changeset/proud-pandas-fold.md diff --git a/.changeset/long-adults-arrive.md b/.changeset/long-adults-arrive.md deleted file mode 100644 index 1e8da8e73e3b..000000000000 --- a/.changeset/long-adults-arrive.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sveltejs/kit': patch ---- - -fix: reload page on startup if `document.URL` contains credentials diff --git a/.changeset/proud-pandas-fold.md b/.changeset/proud-pandas-fold.md deleted file mode 100644 index e8116498670e..000000000000 --- a/.changeset/proud-pandas-fold.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sveltejs/kit': minor ---- - -feat: expose `$env/static/public` in service workers diff --git a/packages/kit/CHANGELOG.md b/packages/kit/CHANGELOG.md index aa8d88b0c30d..07be91bbf0d8 100644 --- a/packages/kit/CHANGELOG.md +++ b/packages/kit/CHANGELOG.md @@ -1,5 +1,15 @@ # @sveltejs/kit +## 2.2.0 + +### Minor Changes + +- feat: expose `$env/static/public` in service workers ([#10994](https://github.com/sveltejs/kit/pull/10994)) + +### Patch Changes + +- fix: reload page on startup if `document.URL` contains credentials ([#11179](https://github.com/sveltejs/kit/pull/11179)) + ## 2.1.2 ### Patch Changes diff --git a/packages/kit/package.json b/packages/kit/package.json index d654baf8be6c..ea1da3c971b9 100644 --- a/packages/kit/package.json +++ b/packages/kit/package.json @@ -1,6 +1,6 @@ { "name": "@sveltejs/kit", - "version": "2.1.2", + "version": "2.2.0", "description": "The fastest way to build Svelte apps", "repository": { "type": "git", diff --git a/packages/kit/src/version.js b/packages/kit/src/version.js index 2c52f3690032..01a4d2bbff48 100644 --- a/packages/kit/src/version.js +++ b/packages/kit/src/version.js @@ -1,4 +1,4 @@ // generated during release, do not modify /** @type {string} */ -export const VERSION = '2.1.2'; +export const VERSION = '2.2.0'; From 5184af01a15a86300d45e960868082bd840379a4 Mon Sep 17 00:00:00 2001 From: Ben McCann <322311+benmccann@users.noreply.github.com> Date: Tue, 9 Jan 2024 13:34:40 -0800 Subject: [PATCH 06/33] chore: add @since tags to config options (#11569) --- packages/kit/src/exports/public.d.ts | 7 +++++++ packages/kit/types/index.d.ts | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/packages/kit/src/exports/public.d.ts b/packages/kit/src/exports/public.d.ts index caf0113680a1..c9b1ab6a1f9c 100644 --- a/packages/kit/src/exports/public.d.ts +++ b/packages/kit/src/exports/public.d.ts @@ -370,6 +370,7 @@ export interface KitConfig { /** * A prefix that signals that an environment variable is unsafe to expose to client-side code. Environment variables matching neither the public nor the private prefix will be discarded completely. See [`$env/static/private`](/docs/modules#$env-static-private) and [`$env/dynamic/private`](/docs/modules#$env-dynamic-private). * @default "" + * @since 1.21.0 */ privatePrefix?: string; }; @@ -453,6 +454,7 @@ export interface KitConfig { * - `preload-js` - uses ``. Prevents waterfalls in Chromium and Safari, but Chromium will parse each module twice (once as a script, once as a module). Causes modules to be requested twice in Firefox. This is a good setting if you want to maximise performance for users on iOS devices at the cost of a very slight degradation for Chromium users. * - `preload-mjs` - uses `` but with the `.mjs` extension which prevents double-parsing in Chromium. Some static webservers will fail to serve .mjs files with a `Content-Type: application/javascript` header, which will cause your application to break. If that doesn't apply to you, this is the option that will deliver the best performance for the largest number of users, until `modulepreload` is more widely supported. * @default "modulepreload" + * @since 1.8.4 */ preloadStrategy?: 'modulepreload' | 'preload-js' | 'preload-mjs'; }; @@ -480,6 +482,7 @@ export interface KitConfig { * In 1.0, `undefined` was a valid value, which was set by default. In that case, if `paths.assets` was not external, SvelteKit would replace `%sveltekit.assets%` with a relative path and use relative paths to reference build artifacts, but `base` and `assets` imported from `$app/paths` would be as specified in your config. * * @default true + * @since 1.9.0 */ relative?: boolean; }; @@ -531,6 +534,7 @@ export interface KitConfig { * ``` * * @default "fail" + * @since 1.15.7 */ handleHttpError?: PrerenderHttpErrorHandlerValue; /** @@ -542,6 +546,7 @@ export interface KitConfig { * - `(details) => void` — a custom error handler that takes a `details` object with `path`, `id`, `referrers` and `message` properties. If you `throw` from this function, the build will fail * * @default "fail" + * @since 1.15.7 */ handleMissingId?: PrerenderMissingIdHandlerValue; /** @@ -553,6 +558,7 @@ export interface KitConfig { * - `(details) => void` — a custom error handler that takes a `details` object with `generatedFromId`, `entry`, `matchedId` and `message` properties. If you `throw` from this function, the build will fail * * @default "fail" + * @since 1.16.0 */ handleEntryGeneratorMismatch?: PrerenderEntryGeneratorMismatchHandlerValue; /** @@ -578,6 +584,7 @@ export interface KitConfig { * A function that allows you to edit the generated `tsconfig.json`. You can mutate the config (recommended) or return a new one. * This is useful for extending a shared `tsconfig.json` in a monorepo root, for example. * @default (config) => config + * @since 1.3.0 */ config?: (config: Record) => Record | void; }; diff --git a/packages/kit/types/index.d.ts b/packages/kit/types/index.d.ts index 8a5b2d1c071f..c92970267010 100644 --- a/packages/kit/types/index.d.ts +++ b/packages/kit/types/index.d.ts @@ -352,6 +352,7 @@ declare module '@sveltejs/kit' { /** * A prefix that signals that an environment variable is unsafe to expose to client-side code. Environment variables matching neither the public nor the private prefix will be discarded completely. See [`$env/static/private`](/docs/modules#$env-static-private) and [`$env/dynamic/private`](/docs/modules#$env-dynamic-private). * @default "" + * @since 1.21.0 */ privatePrefix?: string; }; @@ -435,6 +436,7 @@ declare module '@sveltejs/kit' { * - `preload-js` - uses ``. Prevents waterfalls in Chromium and Safari, but Chromium will parse each module twice (once as a script, once as a module). Causes modules to be requested twice in Firefox. This is a good setting if you want to maximise performance for users on iOS devices at the cost of a very slight degradation for Chromium users. * - `preload-mjs` - uses `` but with the `.mjs` extension which prevents double-parsing in Chromium. Some static webservers will fail to serve .mjs files with a `Content-Type: application/javascript` header, which will cause your application to break. If that doesn't apply to you, this is the option that will deliver the best performance for the largest number of users, until `modulepreload` is more widely supported. * @default "modulepreload" + * @since 1.8.4 */ preloadStrategy?: 'modulepreload' | 'preload-js' | 'preload-mjs'; }; @@ -462,6 +464,7 @@ declare module '@sveltejs/kit' { * In 1.0, `undefined` was a valid value, which was set by default. In that case, if `paths.assets` was not external, SvelteKit would replace `%sveltekit.assets%` with a relative path and use relative paths to reference build artifacts, but `base` and `assets` imported from `$app/paths` would be as specified in your config. * * @default true + * @since 1.9.0 */ relative?: boolean; }; @@ -513,6 +516,7 @@ declare module '@sveltejs/kit' { * ``` * * @default "fail" + * @since 1.15.7 */ handleHttpError?: PrerenderHttpErrorHandlerValue; /** @@ -524,6 +528,7 @@ declare module '@sveltejs/kit' { * - `(details) => void` — a custom error handler that takes a `details` object with `path`, `id`, `referrers` and `message` properties. If you `throw` from this function, the build will fail * * @default "fail" + * @since 1.15.7 */ handleMissingId?: PrerenderMissingIdHandlerValue; /** @@ -535,6 +540,7 @@ declare module '@sveltejs/kit' { * - `(details) => void` — a custom error handler that takes a `details` object with `generatedFromId`, `entry`, `matchedId` and `message` properties. If you `throw` from this function, the build will fail * * @default "fail" + * @since 1.16.0 */ handleEntryGeneratorMismatch?: PrerenderEntryGeneratorMismatchHandlerValue; /** @@ -560,6 +566,7 @@ declare module '@sveltejs/kit' { * A function that allows you to edit the generated `tsconfig.json`. You can mutate the config (recommended) or return a new one. * This is useful for extending a shared `tsconfig.json` in a monorepo root, for example. * @default (config) => config + * @since 1.3.0 */ config?: (config: Record) => Record | void; }; From 1240fef2d8716b531d97f3965628f19c5a50675c Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 9 Jan 2024 17:36:27 -0500 Subject: [PATCH 07/33] chore: allow access to source code (#11571) Co-authored-by: Rich Harris --- playgrounds/basic/vite.config.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/playgrounds/basic/vite.config.js b/playgrounds/basic/vite.config.js index bbf8c7da43f0..7617d19b8849 100644 --- a/playgrounds/basic/vite.config.js +++ b/playgrounds/basic/vite.config.js @@ -2,5 +2,10 @@ import { sveltekit } from '@sveltejs/kit/vite'; import { defineConfig } from 'vite'; export default defineConfig({ - plugins: [sveltekit()] + plugins: [sveltekit()], + server: { + fs: { + allow: ['../../packages/kit'] + } + } }); From 11e597362dbeb23d6ba7c1f877f4bb7d83459924 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 9 Jan 2024 17:36:37 -0500 Subject: [PATCH 08/33] chore: remove HttpError instanceof hack (#11570) Co-authored-by: Rich Harris --- packages/kit/test/apps/basics/src/hooks.server.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/kit/test/apps/basics/src/hooks.server.js b/packages/kit/test/apps/basics/src/hooks.server.js index 1251601e35af..b7cbbd9004eb 100644 --- a/packages/kit/test/apps/basics/src/hooks.server.js +++ b/packages/kit/test/apps/basics/src/hooks.server.js @@ -1,7 +1,6 @@ import fs from 'node:fs'; import { sequence } from '@sveltejs/kit/hooks'; -import { HttpError } from '../../../../src/runtime/control'; -import { error, redirect } from '@sveltejs/kit'; +import { error, isHttpError, redirect } from '@sveltejs/kit'; import { COOKIE_NAME } from './routes/cookies/shared'; /** @@ -9,10 +8,10 @@ import { COOKIE_NAME } from './routes/cookies/shared'; * and (in dev) `stack`, plus any custom properties, plus recursively * serialized `cause` properties. * - * @param {HttpError | Error } error + * @param {Error} error */ export function error_to_pojo(error) { - if (error instanceof HttpError) { + if (isHttpError(error)) { return { status: error.status, ...error.body From 14d0a46bedede8e36d499b8f014dd7d840e2421e Mon Sep 17 00:00:00 2001 From: Ben McCann <322311+benmccann@users.noreply.github.com> Date: Tue, 9 Jan 2024 14:49:26 -0800 Subject: [PATCH 09/33] chore: remove postinstall script (#11572) --- package.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/package.json b/package.json index ff148bffef75..624f1929e78e 100644 --- a/package.json +++ b/package.json @@ -17,8 +17,7 @@ "changeset:version": "changeset version && pnpm -r generate:version && git add --all", "changeset:release": "changeset publish", "start": "cd sites/kit.svelte.dev && npm run dev", - "build": "pnpm --filter @sveltejs/* -r build", - "postinstall": "pnpm -r generate:types && pnpm build" + "build": "pnpm --filter @sveltejs/* -r build" }, "devDependencies": { "@changesets/cli": "^2.27.1", From 5b90b02409583926a6183aae08eb80e441a90d84 Mon Sep 17 00:00:00 2001 From: Mathias Picker <48158184+MathiasWP@users.noreply.github.com> Date: Wed, 10 Jan 2024 00:44:17 +0100 Subject: [PATCH 10/33] security: avoid CSP conflict with sha/nonce during dev & add support for 'style-src-elem' (#11562) * add nonce to script-src-elem csp directive if defined * added changeset * also handle hashes and style-src-attr and style-src-elem * changed order of variable declaration * fixed typo * updated changeset * fix bug and update test * update test * write better tests and fix bugs * Update .changeset/giant-years-drum.md * remove sha256 or nonce from csp when adding unsafe-inline during dev * automatically add csp sha for empty stylesheets on style-src-elem if necessary * Update giant-years-drum.md * format and fix typo * Update .changeset/giant-years-drum.md Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * split into 2 changesets --------- Co-authored-by: Rich Harris Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> --- .changeset/giant-years-drum.md | 5 +++ .changeset/tall-boats-bathe.md | 5 +++ packages/kit/src/runtime/server/page/csp.js | 38 +++++++++++++++++-- .../kit/src/runtime/server/page/csp.spec.js | 12 ++++-- 4 files changed, 53 insertions(+), 7 deletions(-) create mode 100644 .changeset/giant-years-drum.md create mode 100644 .changeset/tall-boats-bathe.md diff --git a/.changeset/giant-years-drum.md b/.changeset/giant-years-drum.md new file mode 100644 index 000000000000..5aaa0e728874 --- /dev/null +++ b/.changeset/giant-years-drum.md @@ -0,0 +1,5 @@ +--- +"@sveltejs/kit": patch +--- + +feat: add CSP support for style-src-elem diff --git a/.changeset/tall-boats-bathe.md b/.changeset/tall-boats-bathe.md new file mode 100644 index 000000000000..49a1b00e1b91 --- /dev/null +++ b/.changeset/tall-boats-bathe.md @@ -0,0 +1,5 @@ +--- +"@sveltejs/kit": patch +--- + +fix: address CSP conflicts with sha/nonce during dev diff --git a/packages/kit/src/runtime/server/page/csp.js b/packages/kit/src/runtime/server/page/csp.js index 6bd55f9c0c38..5eafa314aa6d 100644 --- a/packages/kit/src/runtime/server/page/csp.js +++ b/packages/kit/src/runtime/server/page/csp.js @@ -92,16 +92,32 @@ class BaseProvider { // } // ...and add unsafe-inline so we can inject